Use After Free in Mozilla Firefox
CVE-2011-3659
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorr…
Vulnerability class: Use-After-Free
EPSS: 0.725 (98.8th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Opensuse — versions 11.4
- Suse Linux_enterprise_desktop — versions 10, 11
- Suse Linux_enterprise_server — versions 10, 11
- Suse Linux_enterprise_software_development_kit — versions 10, 11
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch, Issue Tracking, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- SUSE-SU-2012:0198 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- MDVSA-2012:013 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
- SUSE-SU-2012:0221 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- oval:org.mitre.oval:def:14697 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- openSUSE-SU-2012:0234 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2011-3659?
- CVE-2011-3659 is a vulnerability in Mozilla Firefox, classified under Use After Free. Published 2012-02-01.
- Is CVE-2011-3659 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.